The basics of crypto, in 4.5 pages, using only small words lawmakers can understand

From the Boing Boing Shop

Follow Us

Ed Felten (previously) -- copyfighter, Princeton computer scientist, former deputy CTO of the White House -- has published a four-and-a-half-page "primer for policymakers" on cryptography that explains how encryption for filesystems and encryption for messaging works, so they can be less ignorant.

It is a remarkable and clear piece of technology writing, perhaps the best example of its type I've ever read. It's clearly the results of explaining the same thing, over and over and over and over again, using trial-and-error to identify the places where the audience gets tripped up, until what remains is a perfectly clear explanation of something that's both difficult to understand and vitally important.

Suppose two users, Alice and Bob, want to send a series of messages to each other. They want to
use encryption to protect the confidentiality of messages (so that nobody else can learn the
contents of messages) and the integrity of messages (so that nobody else can tamper with
messages without detection); and they want to use encryption to authenticate each other, so
they both know they are not communicating with an impostor.

For encrypted communication, each party will generate a long-term identity key, which they
keep secret. A party can use its long-term identity key to prove its identity to other parties.

As depicted below, encrypted communication operates in two phases. In the first phase, the
handshake, the two parties exchange a series of specially constructed messages. If all goes well,
the initial handshake has two results: each party gets confirmation of the other’s identity (i.e.
that the other party is the real Alice or Bob, and not an impostor), and Alice and Bob agree on a
secret session key that is known only to the two of them. The details of how the initial handshake
procedure gets these results are complex but not directly relevant to the policy discussion.
Having completed the initial handshake, Alice and Bob can proceed to send messages to

Volante Design (previously) has two new pieces: the Augment blazer and jacket, shipping on March 15 and available for pre-order today (Vest, $195: Men/Women; Blazer, $270: Men/Women), in men's sizes 37-51 (vest also in 55) and women's sizes 33-45.

Last year while I was on tour in Australia with my novel Walkaway, I sat down for an interview with legal scholar Rebecca Giblin (previously), whose Authors' Interest project studies how we would craft copyright (and other policies) if we wanted to benefit creators, rather than enriching corporations; we talked about the power and limits […]

Use a single password for every website, and you’re compromising your security. Use a different one each time, and you’re bound to lose track of them. The solution? RoboForm Everywhere, a catch-all tool that will not only manage the passwords on every site you visit but generate better ones. As a simple password database, it’s […]

Just a reminder: Print isn’t dead. And now that printers are becoming as portable as cell phones, it might be around for quite some time. Enter the MEMOBIRD Mobile Thermal Printer, a mini-printer that is versatile, portable – and most importantly, never needs a refill on ink or toner. Measuring just a few inches around, […]

What do Facebook, Twitter, YouTube and Google all have in common? Somewhere in their framework, they all use MySQL, that most versatile (and free!) of database management systems. And they’re not alone. If your company or the one you’d like to work for wrangles data (and who doesn’t?), they’re going to need someone with a […]